xplanation, Andy! I’ve tested Denes’ workaround
>> and it fixes the problem.
>>
>> Best regards,
>> Elemir
>>
>> *From: *Andy LoPresto
>> *Reply-To: *"users@nifi.apache.org"
>> *Date: *Saturday, 23 February 2019 at 12:06 pm
>> *To:
;>
>> Best regards,
>> Elemir
>>
>> From: Andy LoPresto mailto:alopre...@apache.org>>
>> Reply-To: "users@nifi.apache.org <mailto:users@nifi.apache.org>"
>> mailto:users@nifi.apache.org>>
>> Date: Saturday, 23 February 2019 at 12:06 pm
12:06 pm
> *To: *"users@nifi.apache.org"
> *Subject: *Re: Invalid CORS request error on NiFi v1.8.0 and 1.9.0 behind
> nginx
>
> The change was made to mitigate CVE-2018-17195 [1], which allowed a
> malicious actor in a specific scenario to upload a template without
gt;
> From: Andy LoPresto
> Reply-To: "users@nifi.apache.org"
> Date: Saturday, 23 February 2019 at 12:06 pm
> To: "users@nifi.apache.org"
> Subject: Re: Invalid CORS request error on NiFi v1.8.0 and 1.9.0 behind nginx
>
> The change was made to mitigate
Thanks a lot for your explanation, Andy! I’ve tested Denes’ workaround and it
fixes the problem.
Best regards,
Elemir
From: Andy LoPresto
Reply-To: "users@nifi.apache.org"
Date: Saturday, 23 February 2019 at 12:06 pm
To: "users@nifi.apache.org"
Subject: Re: Invalid CORS r
Hi Denes,
Thanks a lot for checking the issue! Your workaround fixes the problem.
Best regards,
Elemir
From: Denes Arvay
Reply-To: "users@nifi.apache.org"
Date: Friday, 22 February 2019 at 10:02 pm
To: "users@nifi.apache.org"
Subject: Re: Invalid CORS request error on N
The change was made to mitigate CVE-2018-17195 [1], which allowed a malicious
actor in a specific scenario to upload a template without authorization. This
could result in RCE. Denes’ suggestion about rewriting the Origin header in
your proxy should work.
[1] https://nifi.apache.org/security.h
Hi Elemir,
As a workaround you can try to overwrite the Origin header in the request
to the value which is expected by NiFi, in your case it should be
https://localhost. (i.e. add proxy_set_header Origin https://localhost; to
your nginx config).
I hope this helps,
Denes
On Fri, Feb 22, 2019 at 1
Hi Elemir,
I was able to reproduce your issue with a simple nginx-NiFi setup, both
running on localhost.
My guess is that the cause is that POST is missing from allowed methods
list from the /process-groups/*/templates/upload path [1].
The commit which introduced this change explicitly states that
Hello,
I have been running a single instance of NiFi server v1.7.1 on AWS behind ALB
and nginx:
ALB -> nginx -> NiFi
The configuration has been working fine, but since NiFi v1.8.0, I get Invalid
CORS request error when I try uploading a template file. Is there anything I
need to change in the
10 matches
Mail list logo